AI Vs AI: Hackers use Artificial Intelligence for deepfakes and smart malware, while defenders counter with AI threat detection and predictive security.
Category: cybercrime/malcode
The threat actor known as Paper Werewolf has been observed exclusively targeting Russian entities with a new implant called PowerModul.
The activity, which took place between July and December 2024, singled out organizations in the mass media, telecommunications, construction, government entities, and energy sectors, Kaspersky said in a new report published Thursday.
Paper Werewolf, also known as GOFFEE, is assessed to have conducted at least seven campaigns since 2022, according to BI.ZONE, with the attacks mainly aimed at government, energy, financial, media, and other organizations.
The clone websites identified by DTI include a carousel of images that, when clicked, download a malicious APK file onto the user’s device. The package file acts as a dropper that installs a second embedded APK payload via the DialogInterface.OnClickListener interface, which executes the SpyNote malware when an item in a dialog box is clicked.
“Upon installation, it aggressively requests numerous intrusive permissions, gaining extensive control over the compromised device,” DTI said.
“This control allows for the theft of sensitive data such as SMS messages, contacts, call logs, location information, and files. SpyNote also boasts significant remote access capabilities, including camera and microphone activation, call manipulation, and arbitrary command execution.”
Europol arrested five SmokeLoader customers using seized database links, exposing cybercrime’s hidden demand chain.
As websites incorporate more third-party tracking technologies, robust CSRF attack prevention becomes paramount. This case study illustrates how a misconfigured third-party vendor exposed CSRF tokens on a major retailer’s website, highlighting the risks of inadequate third-party security.
The Problem
A misconfiguration allowed a third-party pixel used by a major online retailer to access CSRF tokens and authentication tokens, which, as we noted, are critical security elements for preventing unauthorized actions. The pixel transmitted those tokens to remote third-party servers, creating a significant vulnerability and a real risk of data breaches.
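One way a site owner can catch this kind of leak, as an added example that is not taken from the case study: a small Node.js check that flags captured outbound requests carrying the page's CSRF or session token (raw, URL-encoded or base64-encoded) to any origin outside the first-party site. The first-party hostname shop.example, the token values and the sample requests are all constructed placeholders.

```javascript
// Added example (not from the case study): flag outbound requests that carry the
// page's CSRF or session tokens to a third-party origin. Names and traffic are constructed.
const FIRST_PARTY = "shop.example"; // assumed first-party site (placeholder)
const TOKENS = {                    // constructed sample secrets
  csrf: "c5rf/T0ken+ABC123=",
  session: "sess-9f8e7d",
};
// Forms a tracking script commonly uses when it copies a value into a URL or body.
function encodedForms(value) {
  const b64 = Buffer.from(value, "utf8").toString("base64");
  const b64url = b64.replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
  return new Set([value, encodeURIComponent(value), b64, b64url]);
}
// Third party = any host that is neither the first-party site nor one of its subdomains.
function isThirdParty(url) {
  const host = new URL(url).hostname;
  return host !== FIRST_PARTY && !host.endsWith("." + FIRST_PARTY);
}
// requests: [{ url, method, headers, body }] as captured from a wrapped fetch /
// XMLHttpRequest / navigator.sendBeacon, or taken from a proxy log.
// Returns one finding per (token, request) pair that reaches a third-party origin.
function findTokenLeaks(requests, tokens = TOKENS) {
  const leaks = [];
  for (const req of requests) {
    if (!isThirdParty(req.url)) continue;
    const haystack = [req.url, JSON.stringify(req.headers || {}), req.body || ""].join("\n");
    for (const [name, value] of Object.entries(tokens)) {
      if ([...encodedForms(value)].some((form) => haystack.includes(form))) {
        leaks.push({ token: name, destination: new URL(req.url).origin });
      }
    }
  }
  return leaks;
}
// Constructed traffic: one legitimate first-party call, one harmless pixel, two leaks.
const SAMPLE_REQUESTS = [
  { url: "https://shop.example/api/cart", method: "POST",
    headers: { "X-CSRF-Token": TOKENS.csrf }, body: '{"sku":"A1"}' },
  { url: "https://cdn.tracker-example.net/img.gif?page=home", method: "GET", headers: {}, body: "" },
  { url: "https://pixel.tracker-example.net/collect?ev=view&t=" + encodeURIComponent(TOKENS.csrf),
    method: "GET", headers: {}, body: "" },
  { url: "https://pixel.tracker-example.net/beacon", method: "POST", headers: {},
    body: "sid=" + Buffer.from(TOKENS.session).toString("base64") },
];
console.log(findTokenLeaks(SAMPLE_REQUESTS));
```

A token that is embedded inside a larger base64 blob will not match, since base64 of a concatenation does not contain base64 of its parts; decoding candidate blobs before matching closes that gap.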
AkiraBot spammed 80,000 websites since September 2024 using GPT-4o-Mini, evading CAPTCHA with proxy tactics.
Sensata Technologies (known as Sensata) suffered a ransomware attack last weekend that encrypted parts of the company network and disrupted operations.
In an 8-K filing to the U.S. Securities and Exchange Commission (SEC), Sensata says that the attack occurred on Sunday, April 6, and involved data theft, too.
“The incident has temporarily impacted Sensata’s operations, including shipping, receiving, manufacturing production, and various other support functions,” reads the notification.
Lovable AI scored 1.8 on VibeScamming tests, enabling full scam creation with minimal guardrails, risking mass phishing abuse.
ToddyCat exploits ESET’s CVE-2024-11859 flaw with TCESB malware, bypassing security tools via DLL hijacking.
Malware campaign via SourceForge and fake AI sites deploys miner, clipper, and RAT malware, impacting 4,604 users in Russia.